HSBC Customers Targeted with Phishing Scam

Malwarebytes security researchers alerting of a new Phishing Scam that is targeting HSBC banking customers. The attack is a phishing campaign to web link that looks very similar to HSBC. The web page displays a help message for users informing them that their account is locked because they have not completed online security form.

Dear customer,

Your account is currently locked!

We locked your account because we needed to draw your attention to the fact that you didn’t complete our security online form for the year 2015.

This form expires today and we need you to finish the process right away.

What you have to do next:

Click “Continue” at the bottom of the page

Review your account and complete the form with required information

Clicking on the link will take victim to specific form that needs to be completed with the credit card number, expiration date, card verification code, and finally the ATM PIN number. This will be enough for cyber-criminal to have all required information.

HSBC Phishing form by malwarebytes

If you receive email or SMS that links to a web page make sure to verify the URL to find if this form for the bank or controlled by attackers. usually bank avoid using emails , SMS or phone calls to complete the form. Also if you receive similar notification alerting of account lock call the bank and they will provide further details if this a scam or a valid alert.